CyberSecurity Analyst II / Information Technologist II
The MSU Information Security team aims to achieve university success through precision Information Security focused on risk management, engagement, and education.
As a valued member of this team, the CyberSecurity Analyst II administers, analyzes, monitors, operates, troubleshoots, and modifies multiple enterprise information security systems and applications of high complexity following departmental standards, practices, and procedures, in coordination with a team of support professionals; responds to urgent issues 24x7 via participation in after-hours availability rotation schedule as part of information security on-call team which will require working some evenings and weekends; and acts as an independent resource and liaison to staff on investigations, analyses, and responses to cyber incidents within the network environment or enclave.
Michigan State University (MSU) is a top 100 global university located in East Lansing, three miles east of the state’s capitol. The MSU community includes more than 12,000 faculty, academic and support staff, as well as 49,695 students. MSU offers an extensive benefits package to its employees including health care, prescription, and dental coverage, and a base retirement program with a University matching contribution, as well as basic life insurance. In addition, MSU offers educational benefits including a course fee courtesy program and educational assistance.
MSU Information Technology provides the primary leadership for strategic, financial, and policy initiatives affecting information technology (IT) across MSU. MSU IT offers technology resources that support MSU’s mission of providing education, conducting research, and advancing engagement.
Diversity, Equity and Inclusion (DEI) are essential elements, vital to the culture MSU Information Technology endeavors to cultivate. This includes providing opportunities and access for all people which incorporate differences of race, age, color, ethnicity, gender, sexual orientation, gender identity, gender expression, religion, national origin, migratory status, disability/abilities, political affiliation, veteran status and socioeconomic background.
Unit Specific Education/Experience/Skills
Knowledge equivalent to that which normally would be acquired by completing a four-year college degree program; three to five years of related and progressively more responsible or expansive work experience in information technology, risk, and/or compliance; or security administration and operations, or incident response, or an equivalent combination of education and experience.
- Moderate/Junior level knowledge of various network protocols such as TCP/IP, DHCP, DNS, UDP, and routing protocols.
- Moderate/Junior level knowledge of security policies, firewalls, VLANs, and network configuration.
- Moderate/Junior level knowledge of multiple operating systems including Windows, Linux, and vendor proprietary.
- Ability to diagnose, health check, and troubleshoot various enterprise security systems with assistance from vendor support or senior team members. Including use of CLI commands, remote management, and UI interfaces.
- Ability to identify and escalate complex and advanced issues requiring urgent attention in a 24/7 environment.
- Entry/Junior Industry/Technology specific certification or education course (Vendor training, Security+, CCNA, Network+, etc.)
*The following desired qualifications are based upon the NIST NICE framework for cybersecurity*
- Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications. (T0015)
- Apply security policies to meet security objectives of the system. (T0016)
- Apply service-oriented security architecture principles to meet organization's confidentiality, integrity, and availability requirements. (T0017)
- Implement specific cybersecurity countermeasures for systems and/or applications. (T0123)
- Properly document all systems security implementation, operations, and maintenance activities and update as necessary. (T0194)
- Assess the effectiveness of security controls. (T0309)
- Assess adequate access controls based on principles of least privilege and need-to-know. (T0475)
- Implement security measures to resolve vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed. (T0485)
- Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation. (T0489)
- Skill in discerning the protection needs (i.e., security controls) of information systems and networks. Including how the CIA triad may apply. (S0034 & S0006)
- Skill in designing the integration of hardware and software solutions. (S0024)
- Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. (S0027)
- Skill in securing network communications. (S0077)
Equal Employment Opportunity Statement
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, age, disability or protected veteran status.
Required Application Materials
Resume and Cover Letter
The university is requiring all MSU students, faculty and staff to be vaccinated against COVID-19 with limited exceptions. Learn more at: https://msu.edu/together-we-will/
Three professional references knowledgeable of your work.
Remote Work Statement
MSU strives to provide a flexible work environment and this position has been designated as remote-friendly. Remote-friendly means some or all of the duties can be performed remotely as mutually agreed upon.